SY0-701 Security Operations • Timed 10 Questions
This is a timed practice session. You have 10 minutes to answer 10 questions — approximately 1 minute per question, matching real SY0-701 exam pace. Answer every question before time expires.
Exam-pace drill
Allow 1 minute per question. On the real SY0-701 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
A SOC analyst receives an alert from the EDR system indicating that the process 'C:\Program Files\Vendor\Updater.exe' attempted to modify the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key on a user's workstation. The analyst checks the file hash and finds it matches a known legitimate software updater. Which of the following actions is most appropriate for the analyst to take?